Posted
by
ScuttleMonkey
on Sunday July 09, 2006 @02:26AM
from the get-rich-quick-schemes dept.

prostoalex writes "Business Week has a detailed expose of Direct Revenue. The article has some juicy details on the everyday workings of a spyware outlet, talks about the the business model and advertisers who funnel cash to Direct Revenue, and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."

The crack dealer on one side of the street achieved a victory against crime today when he killed the competing dealer on the other side.

I very much doubt that their reasons for blasting away competing apps were for the benefit of the user. Most likely, they don't want the user's computer to slow down enough for them to notice and do a spyware sweep.

I think the word achievement is very apropos in this context (as, like many other english words, it has multiple possible meanings/connotations) - they developed a considerable amount of technology, both to disable other spyware, and to prevent their spyware from being likewise removed. This is a signficant achievement, one which was in no small part a reason for their success. It can be recognized as such when readers isolate their analytical mind from their moral repugnance.

Also do remember that they are in the business of making money, not of causing problems for the user (that, to them, is merely an unfortunate side effect) - likely some people at that job slept easier knowing at least their software did one useful thing.

they are in the business of making money, not of causing problems for the user (that, to them, is merely an unfortunate side effect) - likely some people at that job slept easier knowing at least their software did one useful thing.

You are way too kind to this scum. Their rationalization was that there was money to be made but not for long and that only those who struck hardest would make it. The dirt bag interviewed admitted this by quoting Douglas, "Find out just what any people will quietly submit t

Not so. Just have to dig a bit into the court records provided publicly. Here's the PDF [state.ny.us] of the court document.

It shows the address of these folks on page 2 as 107 Grand Street, New York, NY [google.com]. Pulling up Google Earth it looks like you can find these folks at 40 deg 43'15.8N 74 deg 00'04.9W.

Not that I would suggest anything as childish as signing these folks up for free advertisements or any such thing. Just seems like since these folks are digging through everyone else's privacy I'm sure they wouldn't mind having their company address a matter of well known public record.

"Linux users! They can't benefit from this antagonism;)"Hey, I didn't even know that DirectRevenue even existed except for this dupe (I missed the original).

I am torn. Vista is supposedly going to have better security (heh) than XP (chuckle) and I'm sort of rooting for it to be successful in that regard if simply to put the malware and spyware hosers out of "bidness." But then we're talking "Microsoft" and "security" in the same sentence, like some other poster mentioned "Ethics Department of Sudan." Mi

For persons concerned about spyware it should be pointed out that the important thing is not the spyware company,

It is the companies which employ them.

The article glosses over that with only slight mention. . .

As a victim of the Aurora trojan on a Windoze box I became intimately aware of Direct Revenue and the damage they have caused to many people. Until this article, however, I always assumed they were supported by pr0n sites and spammers.

Instead it turns out Vonage is their main customer!

It's bad enough that Vonage plasters their annoying ads all over the net, and plays their annoying jingle on every channel of TV. Obviously, though, that is not sufficient. They must also use spyware to hook customers and violate more US and International laws.

Vonage has a history of this type of illegal behavior (in chronological order):1. Its Chairman, Jeffrey Citron, was charged by the SEC with Securities violations due to illegal trades, while he was Chairman of Datek Securities, before starting Vonage.

2. Vonage has consistently engaged in anticompetitvive behaviour against its competitors by blocking SIP calls, and locking down their devices to prevent customers from using the devices with competitors.

3. Vonage has consistently engaged in deceptive advertising when selling their equipment and services by not disclosing that the equipment is not really owned by the consumer (it can't be unlocked to work with other providers).

4. Vonage has consistently engaged in deceptive marketing by convincing customers to LNP port their existing phone number to Vonage when the LNP port could not be done. Even though Vonage could not port the number due to lack of a CLEC in their area code, Vonage reps would tell the customer it could be done "soon".

5. Vonage deceptively operates a web site at Vonage-Forum.com. Only recently has a notice gone up that the site is not operated by Vonage. The site, however, uses the trademarked Vonage name and logo, and has Vonage ads on it.

And yet, I'm only paying $25/mo for phone servive, instead of $50+ that I used to pay to the ILEC, using the broadband connection that I had already. I have heard about Vonage's troubles, their IPO problem, the fact that they're still burning cash. Fine. I'll get cheaper phone service while they do so.

1. Its Chairman, Jeffrey Citron, was charged by the SEC with Securities violations due to illegal trades, while he was Chairman of Datek Securities, before starting Vonage.

If he was charged before, then he was either found not guilty (in which case from the law's standpoint he didn't do anything wrong and it can't be held against him) or he was found guilty and paid the penalty for his actions (in which case, unless the penalty included abandoning the business field, he is also in the clear).

2. Vonage has consistently engaged in anticompetitvive behaviour against its competitors by blocking SIP calls, and locking down their devices to prevent customers from using the devices with competitors.

They sold you a device designed to work with their service. What law requires them to provide support to you in using that device outside of hte parameters for which it was designed and sold? You are free to modify your device all you want, but they are not responsible for helping you or fixing it if you make it unusable.

3. Vonage has consistently engaged in deceptive advertising when selling their equipment and services by not disclosing that the equipment is not really owned by the consumer (it can't be unlocked to work with other providers).

It was sold for the purpose of connecting to the Vongage service, and no representation was made that it can be connected to other services (at least, I can't find any in the materials I got with my adapter). If anything, they are up front about it. You are still free to modify it if you want, but they are not required to help you, nor are they required to make it easy for you. If you want an unlocked adapter, you need to search out and buy an unlocked adapter.

4. Vonage has consistently engaged in deceptive marketing by convincing customers to LNP port their existing phone number to Vonage when the LNP port could not be done. Even though Vonage could not port the number due to lack of a CLEC in their area code, Vonage reps would tell the customer it could be done "soon".

This one may have some merit, but in order to really prosecute it, you would need to establish that it is company policy, not simply the actions of individual customer service reps.

5. Vonage deceptively operates a web site at Vonage-Forum.com. Only recently has a notice gone up that the site is not operated by Vonage. The site, however, uses the trademarked Vonage name and logo, and has Vonage ads on it.

Just because a site uses the official name and logo doesn't mean that it is operated by those people, especially if they have a notice saying that they aren't. Advertising also does not equal ownership. Vonage puts ads on a lot of sites that they don't own, operate, or control.

I read the prospectus, and it was rather clear from the information provided that it would not do all that well. That is the fault of the people who either bought the stock without reading the prospectus, or who bought it in spite of all of the warnings. Those who made legal commitments to purchase stock but then wanted to back out after seeing the drop in price still have that legal obligation to purchase the stock.

Of the items you listed, you have at most one valid point. Perhaps you might reconsider a lot of your position.

It amounts to stalking, spying, possibly breaking and entering, and stealing, and the porn pop-ups break federal laws.

When you go to many websites, such as Amazon or Adam & Eve, you can expect as much privacy as in a local mall. But if someone were to follow you around from store to store, at that point it would be stalking.

Now when that "someone" (spyware company) breaks into your property (your computer) to install something without your consent (spyware programs), it's beyond just your typical stalking and into spying. Add to the charge that this "person" didn't have permission to enter your property in any way and you can add breaking and entering to this.

To run this program that you didn't consent to having uses power you are paying for. If it causes your system to crash, if you are someone who can't fix it, you've got to pay someone to repair it for you. Money out of your pocket. Theft. At the least of your own time to fix it.

When you go to a porn site, you usually have to click something saying you are at least 18 or of legal age to view sexually explicit material, and that you consent to doing so. If you were to sit a minor in front of the computer, or were to allow a minor to be nearby while viewing said material, you've commited an offense for which you could be required to register as a sex offender. But yet porn pop-ups happen on sites that aren't sexual in nature, sites that kids sometimes visit. The spyware company is giving no notice whatsoever that sexual material is about to pop up, no chance to consent or for children to be removed from the room first. Would this not be a violation of federal laws by the spyware companies by exposing minors to sexual material?

It's one of those things that's hard to define. You know it when you see it, but providing a hard and fast definition, which is what you need for a law, is very difficult. Every one I can think up either is too lax, and so it would not be useful because spyware companies would just find ways to modify their software to be legal, or is too strict, and bans useful software. For example you might be inclined to define it as software that downloads things to your computer in the background without you specificl

Before anything can install on your system, the company must obtain expressed consent. If software is bundled with something else, permission must be obtained. Software defined as a program which can run independently of the software/download/whatever with which is it bundled. (Such as if I download a program that needs Quicktime to run, I am asked if I want to download it as it is seperate.)

Or make it like an ingredients list for food. The contents are clearly labeled.

We all know that this is to confuse consumers. Attorneys spend a couple years shy of a decade in school to learn the law needed to understand these massive contracts, and yet the average person without law school experience is also supposed to be able to understand it. A law should be in place that contacts be understandable to the average education level in America, if not a good deal lower so that those who fall under that level can still understand. How about making contracts understandable to a 10th

I just suggested authorization for each individual program in response to another reply, but didn't say that the primary software company should be held responsible for undisclosed third-party software. However, I completely agree. But this could be kind of a moot point if the user agreement says you agree to receive third-party software. User agreements need to be written to be understandable at the 10th grade level. People without a law school education should not be expected to understand complicated

Do you ever watch That Man Show? At least back when Carrola (sp?) and Kimmel we both still on it. Okay, the girls ontrampolines was boring to me, but their sketches and interviews could be hilarious. There is this one (available on iTunes) with a man who was paid $100k to get implants. Download that segment, called "Man-Boobs," and watch it. Yes, his man-boobs are shown!

You know, the government probably does get this information. With what the bastards are already demanding ISPs to have over, I wouldn't doubt that they are indeed paying spyware companies for this information.

You have some mistaken premises above.Here's the short of it: nothing can run on your computer without your demand, much less consent. Nothing. Without your command to perform operations your computer would just be a giant paperweight.

How did the spyware get on your computer? How did it execute? Somewhere along the line you had to issue commands telling the computer to execute that code. It may even be three stages removed: you told the computer to do something and the computer executed the code in the proc

Clicking saying you are of legal age does not give them consent to install things on your computer. It means you are claiming to be of legal age, nothing more, unless it comes at the end of any sort of user agreement. In this case, you're fair game for porn pop-ups.

I was browsing 4chan the other day, in their Random section, looking for interesting (ha) pictures to add to my new website that's been in the works for way too long, and bam -- I get tons of popups, a bunch of icons appear on my desktop, and I've got three freakin' toolbars (unhideable toolbars, mind you) in all of my Explorer windows. What's more -- I was using Firefox. I have IE's settings set to the highest possible security, so that even in the worst case that IE lauched for any reason, I won't get screwed. But wow, I certainly did not expect Firefox to be vulnerable to spyware. (I have since reformatted -- I tried everything to get rid of the toolbars and extra crap. I eventually got rid of most of it, but the thing made it so I couldn't right-click anything except for icons in Explorer. Arrrr. Why didn't I view 4chan on my Slackware box? -- More digression: the spyware managed to install some crappy program, which was actually listed in Add/Remove Programs, but the program was using over 10 MB. How can spyware install so quickly if it's so large?)

I see a lot of computers with spyware. Most, if not all, of the computers that I fix have been completely demolished by malware, spyware, adware, and just general crap. A lot of times, it's from user ignorance (the kind of people that don't even skim EULAs). However, many times, it's from them visiting a website that looks just fine, and the website using some kind of hole in IE to screw over the viewer.

So I must ask, how is exploiting security holes a legal business method? It's obvious that most spyware-creating companies use this tactic, since it's obvious that no one in their right minds would accept spyware voluntarily. Since many times it is known (through thorough searches and whatnot) who created the spyware with which one's machine is infected, I find it hard to believe that no serious legal action has been taken up with these companies.

I am truly displeased to see even Firefox becoming a serious target for these jackasses. If Opera felt better (I have this thing about the "feel" of some programs that I can't explain) I might think about almost downloading it.

So I must ask, how is exploiting security holes a legal business method?its not

It's obvious that most spyware-creating companies use this tactic, since it's obvious that no one in their right minds would accept spyware voluntarilyno afaict its thier redistributers (usually on some form of commission) who do so. Theese redistributors are much harder to trace and when you do they are the bottom of the pile and easilly replaceable anyway.

I've been thinking about this alot lately, and why *not* make Site Operator's or ISP's liable for the client's activities?
I mean, If an advertiser or client becomes a liability, wouldn't spyware go away on it's own without having to be illegal?

I'm sure this angle has been covered before.. but it's early and I'm still on my first cup of caffiene.

Companies have the right to advertise, but (imho)they don't have the right to install *anything* on your PC. (For that matter, what is acceptable advertisin

I've been thinking about this alot lately, and why *not* make Site Operator's or ISP's liable for the client's activities?

This is a very bad idea. Telecommunications companies enjoy what is called "common carrier status" meaning they are not responsible typically for the nature of the content across their networks. Instead, they are merely "common carriers." Can you imagine AT&T being charged because of a discussion over their long distance service that ended up involving illegal activity? The firs

Direct Revenue has struggled to fend off a lawsuit filed in April by New York Attorney General Eliot Spitzer. The state court action alleges that Direct Revenue crossed a legal line by installing advertising programs in millions of computers without users' consent. Shining a light on the shadowy spyware trade, the suit asserts that the company violated New York civil laws against false advertising, computer tampering, and trespassing.

Why aren't these guys in jail? Computer tampering is a federal felony cri

My favorite page-1 quote from that article would have to be Some advertisers say their messages have appeared in pop-ups without their permission.

How STUPID do they think we are? As an advertiser, you don't accidentally advertise for someone that's not paying you. When's the last time you saw a commercial on TV that the retailer denied they paid for? The spammers are charginng a lot for their service, and there is no shortage of customers, so I'm quite certain they are only spamming for paying customers.

More than likely these are cases where someone in marketing got the brilliant idea to advertise with spyware and started it without really letting their uppers know what the fallout was going to be. Then six months later when the CEO's in-box is piled high with complaints they deny they had anything to do with it.

...how can I prevent my ads from being served by spyware? How about a clause in my contract with the advertising company that says "Ads served by provider and any subcontractor will not be served by pop-up, and will only be served as the result of a user willfully navigating to a web page which serves ads, and may not be served as the result of any additional software installed on the user's computer. The definition of 'pop-up', 'willfully navigating' and 'installed' remains at the discretion of the customer, and we reserve the right to terminate this contract if the advertising agency is unable to assure us that it meets these criteria."

For some small business this wouldn't work too well, but if big companies started doing it, and it became standard operating procedure for corporations, it would help a lot. Suddenly, other advertisers will just stop dealing with these guys.

Nailing down the definitions is a bit tricky, and IIRC there was a case where some company sued over being designated as malware, so this approach isn't a cure-all. Going after the actual technical definition of something is a bit more effort, but it quashes the arguments of companies that might complain they are being singled out prejudicially.

Also, pornographers and other shady businesses will always do stuff like this, but at least we'll maintain the association of sleaziness with pop-ups and spyware, which is where it belongs.

Personal email at one point was getting so bad that I was concidering telling people to send me a fax instead of an email.I do have a fax machine so if it would come to that crunch, I have it in preparedness. It has an added bonus that people who send junk faxes can be easily prosecuted.

Thus illustrating the old saying "for every complex problem, there is a solution that is simple, neat, and wrong." When it becomes OK to kill anyone that does something you don't like, it also becomes equally possible that others will kill you when you do something they don't care for. But of course you're a good enough troll to know that already.

Thus illustrating the old saying "for every complex problem, there is a solution that is simple, neat, and wrong." When it becomes OK to kill anyone that does something you don't like, it also becomes equally possible that others will kill you when you do something they don't care for. But of course you're a good enough troll to know that already.

And for every truth, there's a way to simplify it to the point of idiocy. When someone's doing something that causes you a significant amount of hardship and is making money doing it, they aren't just "doing something you don't like".

That said, I think killing them would be a bit harsh (unless the spyware managed to lock up a computer doing something truly important, but taking a two-by-four to some non-vital parts of their body would be appropriate. That's about what most people would do to an adult they caught vandalizing their car.

And for every truth, there's a way to simplify it to the point of idiocy.

No discussion on/., or otherwise on the net is going to capture the subtle nuances, complex sets of laws and traditions, and the many an varied moral issues dealing with people who could perhaps be considered "mass vandals." So far they haven't put any lives in danger (typically one of the prerequisites for capital punishment, though it varies by state) - they merely cause inconvenience / reversable "damage" to a large number of i

Now sure, even the Great Depression was reversable in some sense, but it really wasn't. History was changed. A whole alternate set of people were born, different people got married, different people died...

Did it cause you a significant amount of hardship, comparable to what the average person would have if their computer were disabled for a few days or their car was vandalized? Did you have to hire someone to fix something that no longer worked, or take an hour to do it youself?

Try reading the post again, without skipping words, because you aren't arguing against something that I said.

Well, if they were doing it in response to you installing spyware on 100 million computers, I seriously doubt that any jury in North America (that hasn't been living in a cave for the last decade) will convict you for beating them with a 2x4. Heck, if the guy was found with a knife sticking out his back, a dozen bullet wounds with entry from the back, etc, it would quickly be ruled as a suicide.

Long ago I stopped reading email bounce messages. If my email bounces, oh well. It's just lost. I get hundreds of bounces each day for emails that spammers sent in my name.

My email does bounce though, all the time. It bounces because everybody and their dog invents a brutal spam filter, each one differently flawed.

Just today I failed to communicate with somebody. Gmail sends from *.google.com instead of gmail.com, which is enough to bounce and/or silently delete the mail.

Even after filtering, much of the email I get is spam.

Lately, I don't even bother reading email that claims to come from banks that I actually do business with. Figuring out the legitimacy multiple times per day is too time-consuming.

Email is my primary communication method. It has been ruined. I can no longer rely on messages to be delivered and read. This has been a grave loss for me. I'm just one of many. So yes, the spammer should die. Humanity loses too much from this sort of behavior.

PMITA prison for 20 years should chill some of these guys out... Considering what a big impact this kind of behavior has on our economy, I'm surprised there isn't more action to stop it by our law enforcement officials.

It's fun to think about these guys being tortured to death for what they do to everyone, but seriously, what you suggest is a far worse punishment than we give to most people convicted of raping children or serial murder, despite being the only western nation that even has the death penalty. Sometimes there are better ways to solve a problem, and I cannot condone capital punishment for nonviolent crimes (even violent crimes are not considered bad

As long as "raping children" doesn't mean "a 17-year-old wanted it", they can die too. I'd require strong evidence of either sadistic behavior or a pre-pubescent victim.My first thought is always along the lines of "tortured to death". It feels good to have them suffer, and what better way to deter them? Burn them at the stake, with just enough fuel to kill them within a couple days.

My second thought is that we should be cheap and efficient about this. Toss them into a container where they rot to produce me

How about an ironic punishment by having to fix thousands of spyware infected computers - arrest these fuckers, put them in a room and feed them spyware infected computers and order them to fix them. A machine proved not to be squeaky clean by the owner on return earns, oh, 20 lashes and a night with Hairy Bob. Hairy bob likes company.

"think it would be significantly less effort for you to transition to a new email address. This time, don't give it out to anyone you don't trust. Get a throw away address for that and filter/forward it."

Tried that - doesn't work. Why?

Well, a lot of the people I email use Windows (I know, I know) and they are frequently compromised. The attacker gets their email list and Bingo!

Actually it does work, for a while. But then the rot starts and slowly, but surely the spam mounts up again.

Let us imagine a scenario: A single spam mail is a minor inconvenience. Like a pin stuck in your body in a random place.Not such a big problem, isn't it? Not even a reason for lawsuit.But if someone pinned 10,000 such pins in your body, that would be considered a murder with extreme cruelty.Except if the pins are distributed over 10.000 people. For each of them it will be a minor inconvenience.But now multiply the number of people who pin these pins in. Say, you get 200. This hurts like hell. You can barely

Bill Gates and his company, Microsoft, who invented the market for computer operating systems for people too stupid to run and administer a computer

They were only copying what Xerox, Apple and others had already done.

If computers could only be used by people who knew how to administer the, then there would be far fewer computers in use. Most people do not want to learn about computers, they are not interested. Ease of use is necessary.

It is also perfectly possible to have an OS that is easy to administer and reasonably secure. I have friends who no absolutely nothing about computers who have no problems with Macs. My father finds Ubuntu easier than Windows (although I initially installed it for him and occasionally give him some help).

It is not ease of use that is the problem. It is bad design, poor implementation and simply not caring about security.

Jesus, what a load of crap. I run a stable XP box with a combination of a virus scanner and a hardware firewall, and I have no problem with spyware or viruses (you know, the actual plural of virus), and the only time it goes down is when I (rarely) shut it down. The one time I had a problem with spyware that a good dose of Adaware couldn't fix, I just went back to the last system restore point.
I don't need to know how Windows "really" works to be able to use it. It's a tool. Do you know how your car really works? Your dishwasher? Your microwave? Could you build one from scratch? You don't need to, as long as you don't crash your car or put your foot through your microwave. Same goes with Windows - don't download stupid crap, and you'll be fine. "Insightful", indeed...

Virus scanner: free, hardware firewall: wireless router, and as I said, Adaware and system restore are rarely needed (with the system restore being a one off). My Win2k box has been running for 4 years, and that is a crappy Dell machine. All you have to do is follow good pratice and be sure what you are downloading/accepting etc. Oh and don't use IE, because I agree, it is a piece of crap.